PageFair has calculated that about 2.3 percent of the visitors to those sites would have been at risk of being infected.

The attackers gained access to a key email account at PageFair and then reset the password for a PageFair account at a content distribution network (CDN).

The CDN was used to serve a javascript tag created by PageFair that collects data about websites. The hackers swapped out the javascript tag for their own malicious code, which was then served by some publishers that use PageFair's tag.